Since the wireless local area network standard Institute of Electrical and Electronics Engineers (IEEE) 802.11 is released in 1997, under the promotion of the WiFi alliance formed by many companies advanced in the industry, a WiFi technology is developed rapidly with advantages of rapid deployment, convenient use, high transmission rate, and the like. Currently, the WiFi technology has been widely applied in various industries. Existing notebook computers, personal digital assistants (PDAs), mobile phones, and the like all support the WiFi technology. Access points of a WiFi network are distributed in hotels, cafes, schools, hospitals, and other places. Therefore, the WiFi technology is everywhere in the life.
With the development and wide application of the WiFi technology, requirements on related security technologies emerge. WiFi protected setup (WPS) is one of technologies for ensuring security when a WiFi connection is established. The WPS mainly emphasizes two points, namely, security and simplicity, that is, a configuration process needs to be simple, and a configured network needs to be secure. The existing WPS is mainly based on a key exchange algorithm.
Currently, scenarios in which the WPS is applied mainly include the following two scenarios. A first scenario is that a key is configured between a terminal used as an enrollee (a registered party) and an access point (AP) used as a registrar, so that the terminal and the AP can perform data interaction with each other based on the configured key subsequently. A second scenario is a peer to peer (P2P) authentication and configuration process. An objective of the research of P2P in the WiFi technology lies in that in a case in which there is no infrastructures such as a cellular network or a hotspot, direct peer to peer discovery can be implemented between terminal devices using a WiFi function, where in this scenario, one terminal is used as a client (client), the other terminal is used as a group owner (GO), a key is configured between the client and the GO, so that the client and the GO can perform data interaction with each other based on the configured key subsequently.
A key configuration manner used in the prior art is mainly based on a key exchange algorithm, that is, one pair of public and private keys are separately generated for a first device and a second device; the first device and the second device exchange public keys through an air interface, that is, the first device sends the public key of the first device to the second device through the air interface, the second device sends the public key of the second device to the first device through the air interface; the first device generates a shared key using the public key of the second device and the private key of the first device, the second device generates a shared key using the public key of the first device and the private key of the second device, and the first device and the second device perform subsequent secure transmission using the shared keys.
However, the key configuration manner in the prior art is easily attacked, an attacker easily intercepts, on the air interface, the public keys transmitted between devices, and separately performs the foregoing key exchange algorithm with the first device and the second device using a public key of the attacker, that is, masquerades as the second device to establish a secure connection with the first device, and masquerades as the first device to establish a secure connection with the second device, causing that a message transmitted between the first device and the second device is listened to by the attacker.